diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 09b6fe5438..14e3b4c40b 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -320,6 +320,7 @@ class LoginController extends Controller {
 // requires https://github.com/owncloud/core/pull/24616
 $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
 $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);
+ $this->userSession->updateTokens($loginResult->getUID(), $password);
 // User has successfully logged in, now remove the password reset link, when it is available
 $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index 19aba58b05..a27a875a27 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -347,5 +347,7 @@ class DefaultTokenProvider implements IProvider {
 $this->invalidateToken($tokenId);
 }
-
+ public function updatePasswords(string $uid, string $password) {
+ // Nothing to do here
+ }
 }
diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php
index d1b067868b..7ee76b7b38 100644
--- a/lib/private/Authentication/Token/IProvider.php
+++ b/lib/private/Authentication/Token/IProvider.php
@@ -164,4 +164,12 @@ interface IProvider {
 * @param string $tokenId
 */
 public function markPasswordInvalid(IToken $token, string $tokenId);
+
+ /**
+ * Update all the passwords of $uid if required
+ *
+ * @param string $uid
+ * @param string $password
+ */
+ public function updatePasswords(string $uid, string $password);
 }
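Review bot: The new `updateTokens()` call in `LoginController` has no comment saying why the clear-text password is handed to the token layer a second time, and it runs after `completeLogin()` and `createSessionToken()`, so an exception raised while refreshing tokens would presumably surface as a failed login even though the credentials were accepted. I would add `// Re-encrypt the password stored in the user's existing tokens now that a verified password is available` above the call. It is also worth deciding whether a failure here should be caught and logged rather than abort the request; the enclosing method starts and ends outside the hunk, so any error handling around it is not visible.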
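Review bot: `// Nothing to do here` in `DefaultTokenProvider::updatePasswords()` does not say why a no-op is correct for this provider. The context lines just above show the preceding method ending in `$this->invalidateToken($tokenId);`, which suggests default tokens are dropped rather than flagged, but a reader of this method alone cannot tell. If that is the intent, a comment such as `// Default tokens are invalidated instead of being flagged password-invalid, so there is no stored password to refresh` would record it.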
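Review bot: The docblock added for `IProvider::updatePasswords()` leaves the contract open: "if required" is not defined, and it does not say that `$password` is the clear-text login password or that callers must already have verified it for `$uid`. Since `PublicKeyTokenProvider::updatePasswords()` encrypts whatever it is given into the user's tokens, that precondition belongs here, together with a reminder that the value must not be logged or stored unencrypted. `Manager::updatePasswords()` and `Session::updateTokens()` are added with no docblock at all and need the same statement. A `: void` return type would make the signature explicit, although the neighbouring `markPasswordInvalid()` has none either.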
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index 711d211039..7c991eadea 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -232,4 +232,11 @@ class Manager implements IProvider {
 public function markPasswordInvalid(IToken $token, string $tokenId) {
 $this->getProvider($token)->markPasswordInvalid($token, $tokenId);
 }
+
+ public function updatePasswords(string $uid, string $password) {
+ $this->defaultTokenProvider->updatePasswords($uid, $password);
+ $this->publicKeyTokenProvider->updatePasswords($uid, $password);
+ }
+
+
 }
diff --git a/lib/private/Authentication/Token/PublicKeyTokenMapper.php b/lib/private/Authentication/Token/PublicKeyTokenMapper.php
index 5e5c69dbc4..df91066c44 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenMapper.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenMapper.php
@@ -169,4 +169,19 @@ class PublicKeyTokenMapper extends QBMapper {
 $qb->execute();
 }
+
+ public function hasExpiredTokens(string $uid): bool {
+ $qb = $this->db->getQueryBuilder();
+ $qb->select('*')
+ ->from('authtoken')
+ ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
+ ->andWhere($qb->expr()->eq('password_invalid', $qb->createNamedParameter(true), IQueryBuilder::PARAM_BOOL))
+ ->setMaxResults(1);
+
+ $cursor = $qb->execute();
+ $data = $cursor->fetchAll();
+ $cursor->closeCursor();
+
+ return count($data) === 1;
+ }
 }
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 9afdb5a8ff..33c0b1d59e 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
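Review bot: In `PublicKeyTokenMapper::hasExpiredTokens()`, `IQueryBuilder::PARAM_BOOL` is passed as the third argument of `eq()` rather than as the type of the bound value, so `true` looks to be bound with the default parameter type; `$qb->createNamedParameter(true, IQueryBuilder::PARAM_BOOL)` is probably what was meant. The method name says "expired" while the query tests `password_invalid`, which are different token states, so a name along the lines of `hasTokensWithInvalidPassword` (illustrative) would match what is checked. For an existence test, selecting a single column instead of `'*'` avoids loading a token row's stored password and key fields into memory just to count it.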
@@ -327,5 +327,20 @@ class PublicKeyTokenProvider implements IProvider {
 $this->mapper->update($token);
 }
+ public function updatePasswords(string $uid, string $password) {
+ if (!$this->mapper->hasExpiredTokens($uid)) {
+ // Nothing to do here
+ return;
+ }
+
+ // Update the password for all tokens
+ $tokens = $this->mapper->getTokenByUser($uid);
+ foreach ($tokens as $t) {
+ $publicKey = $t->getPublicKey();
+ $t->setPassword($this->encryptPassword($password, $publicKey));
+ $this->updateToken($t);
+ }
+ }
+
 }
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 8ac42eac4e..a9c638dca9 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -950,5 +950,9 @@ class Session implements IUserSession, Emitter {
 }
 }
+ public function updateTokens(string $uid, string $password) {
+ $this->tokenProvider->updatePasswords($uid, $password);
+ }
+
 }
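Review bot: Nothing in the loop of `PublicKeyTokenProvider::updatePasswords()` clears the `password_invalid` flag that `hasExpiredTokens()` tests, so unless `setPassword()` or `updateToken()` resets it (not visible in this hunk) the flag stays set: every later login re-encrypts all of the user's tokens again, and the tokens remain marked invalid although they now hold the current password. If the token entity exposes a setter for that flag, a line such as `$t->setPasswordInvalid(false);` before `$this->updateToken($t);` would close the loop. The method also rewrites every token returned by `getTokenByUser()`, not only the flagged ones, which deserves a comment if it is intended. A test that logs in twice after a password change and asserts that the second login performs no token updates would pin the behaviour.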